Start out by finding the location for the certificates to be stored:

openssl version -d
OPENSSLDIR: "/usr/lib/ssl"

The directories inside OPENSSLDIR are usually symbolic links into /etc/ssl, but YMMV.

Now upload the CA certificates in PEM format into OPENSSLDIR/certs.

Next use this script to create the symbolic links inside the certs directory:

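#!/bin/sh
#
# usage: certlink.sh filename [filename ...]

for CERTFILE in "$@"; do
  # make sure file exists and is a valid cert
  test -f "$CERTFILE" || continue
  HASH=$(openssl x509 -noout -hash -in "$CERTFILE")
  test -n "$HASH" || continue

  # use lowest available iterator for symlink
  for ITER in 0 1 2 3 4 5 6 7 8 9; do
    # slot taken (test -L also catches dangling symlinks, which test -f misses)
    if test -e "${HASH}.${ITER}" || test -L "${HASH}.${ITER}"; then
      # already linked to this certificate: nothing to do
      cmp -s "$CERTFILE" "${HASH}.${ITER}" 2>/dev/null && break
      continue
    fi
    ln -s "$CERTFILE" "${HASH}.${ITER}"
    test -L "${HASH}.${ITER}" && break
  done
done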

Now go into OPENSSLDIR/certs and run the script:

certlink.sh CA-certificate1.pem CA-certificate2.pem CA-certificate3.pem

Now openssl will verify certificates signed by these CAs.
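
To check the result, the script below (an added example, not part of the original page) audits a hashed certificate directory: it reports HASH.N links that dangle, point at something that is not a certificate, or no longer match the certificate's hash, and .pem files that have no link at all. The names certaudit.sh, cert_hash and audit_certdir are hypothetical, and it assumes the CA files end in .pem as in the example above.

```sh
#!/bin/sh
# usage: certaudit.sh /path/to/certs   (hypothetical script name)

# Subject-name hash that OpenSSL uses to look up a CA in a hashed directory.
cert_hash() {
  openssl x509 -noout -hash -in "$1" 2>/dev/null
}

# Print one finding per line; return 0 only if every entry is consistent.
audit_certdir() (
  cd "$1" || exit 2
  status=0

  # 1. every HASH.N link must resolve to a cert whose hash is HASH
  for LINK in *.[0-9]; do
    test -e "$LINK" || test -L "$LINK" || continue   # unmatched glob
    if ! test -e "$LINK"; then
      echo "DANGLING $LINK"; status=1; continue
    fi
    HASH=$(cert_hash "$LINK") || HASH=
    if test -z "$HASH"; then
      echo "NOTCERT $LINK"; status=1
    elif test "$HASH" != "${LINK%.*}"; then
      echo "MISMATCH $LINK (certificate hashes to $HASH)"; status=1
    else
      echo "OK $LINK"
    fi
  done

  # 2. a PEM certificate without a matching link is never found by OpenSSL
  for PEM in *.pem; do
    test -f "$PEM" || continue
    HASH=$(cert_hash "$PEM") || continue
    test -n "$HASH" || continue
    FOUND=0
    for LINK in "$HASH".[0-9]; do
      test -e "$LINK" && cmp -s "$LINK" "$PEM" && FOUND=1
    done
    if test "$FOUND" -eq 0; then
      echo "UNLINKED $PEM (expected $HASH.N)"; status=1
    fi
  done
  exit "$status"
)

if test "$#" -gt 0; then audit_certdir "$1"; fi
```

A MISMATCH is also what links created by an OpenSSL release older than 1.0.0 look like on a newer one, because the subject hash algorithm changed in 1.0.0.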

indexes/import_ca_certificates_for_openssl_to_use.txt · Last modified: 2009/06/24 10:12 by domingo
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported